Posted by Unknown Lamer on Tuesday December 06, 2011 @06:15AM
from the install-our-useful-toolbar dept.

Zocalo writes "In a post to the Nmap Hackers list Nmap author Fyodor accuses Download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings, and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either."

Download.com has been funded by bullshit third-party software addons for as long as I can remember. AFAIK, they only recently started this practice of causing the user to download a downloader which would first go through the third-party addons before downloading the actual installer... but it's not like it's any different than before. Yeah, lots of people will just click through and accept everything and that's their fault for not reading things before agreeing to them. Don't blame a free service operated by a for-profit corporation for wanting to make money. Host the Nmap installer yourself if you think it's so easy.

Download.com have always done this... I thought this was how they funded the site.

This may be true, but doesn't shadow the efforts of those irritated enough to stand up and say something. Hats off to Fyodor for bringing it to light in hopes that things change.

And as knowledgeable as the average user has (been forced to) become about spyware and malware, Download.com should listen, because it's obviously not just those uploading content that keeps them in business. Let's hope they don't react and generate that stench of arrogance around themselves, not unlike many large businesses today that think they're "too big to fail", and could care less what their customers think.

I liked it years ago. They made it easy to search for a function and get a list of Windows software that did it. Back then I usually couldn't find who made software that did what I needed done. I couldn't go to the software producer's site, because I didn't know who he was. Now I just google around a bit, search some forums and hope for the best. In my eyes they already screwed up when they allowed sw developers to promote the features of the full (paid) version in the description of the free version without any indication the free version didn't include the feature.

Yes it is news for me. I submitted something I wrote a while back and it used to offer the file the way I uploaded it. I just checked and sure enough my download is now wrapped in a Cnet installer. Now I need to dig out my account info and remove my software listing because this is fucking BULLSHIT!

That's what I finally had to do, when some entity (might've been download.com, might've been someone else) offered an alternative download location for my software - which bundled some sort of malware installer onto my software. After one attempt to remove them as an alternate, I was told I could request my software be removed, and that's what I did. This occurred back in 2004. [degreez.net]

This extremely common practice of bundling garbage with every download is the cancer that is killing Windows freeware, and no, it's not limited to Download.com.

A while ago, when I was in-between jobs and looking for some freelance work, I stumbled upon an entire "community" of scammers known as PPI: Pay-Pay-Install. This forum was all about participating in these shady bundling practices, discussing the advertisers that were most tolerant to things like silent installs, home page swaps, BHO's that redirect your Google searches through a proxy (to hijack ad revenue), Vista sidebar widgets, toolbars, bookmarks, and start-up items, along with uploading deceptively named and heavily trojaned stuff via P2P. This is why, with every goddamned Windows utility you get these days, you get prompted to install the Ask.com toolbar, BonziBuddy, free trials for McAfee's swiss cheese, and a laundry list of other standards.

CNet should indeed be made an example of, and burned to the ground, but they didn't start this gangbang, the advertisers did. Follow the money... There is no reason why users should tolerate this aberrant behaviour.